Page 786 - StudyBook.pdf
770 Appendix • Self Test Appendix
A. Worm
B. Spyware
C. Logic Bomb
D. DDoS
B. CodeRed did not spy upon the victim. As a Worm (A) it self-replicated through IIS; as a
Logic Bomb it waited until August 15 to launch an attack; as a DDoS it tried to launch a
coordinated attack from multiple sources at the same time.
4. The mail server is receiving a large number of spam e-mails and users have hundreds of
unwanted messages in their mailboxes. What kind of attack are you receiving?
A. A rootkit
B. A DoS flooding attack
C. A virus
D. A Logic bomb
B. The company is being flooded with e-mail in an attempt to deny service to the mail server.
A. No attempt to hide within the OS is being made. C. A virus normally is not
self-replicating. D. A logic bomb would attack at a certain time only, and is not e-mail-based.
5. You suspect your network was under a SYN attack last night. The only data you have is a
session captured by a sniffer on the affected network. Which of the following conditions is a
sure sign that a SYN attack is taking place?
A. A very large number of SYN packets.
B. Having more SYN | ACK packets in the network than SYN packets.
C. Having more SYN | ACK packets in the network than ACK packets.
D. Having more ACK packets in the network than SYN packets.
C. In a SYN attack, the victim keeps waiting for the ACK packets to establish a TCP
handshake, so fewer ACK packets indicate that the victim will be waiting for those to arrive.
A. Many SYN packets can be the result of peak traffic, not necessarily an attack. B. More SYN
| ACK packets than SYN packets indicates a problem in the responding machines of an
attacked network, not a SYN attack. D. It’s very unlikely that more ACK packets will be seen
than SYN packets, and it would not be a SYN attack.
6. While analyzing your logs, you notice that internal IPs are being dropped, because they are
trying to enter through the Internet connection. What type of attack is this?
A. DoS
B. MITM
C. Replay Attack
D. IP Spoofing
www.syngress.com